Many problems

  • Thread starter: Guest
Hi Chuck,
I tried to get the update for Adaware, but it failed twice, so I ran it
without the update. It found 6 critical and I deleted them. I don't
understand why the update failed.
 
Is there any way of stopping the "critical items" found and deleted by
Adaware from reinfesting my computer? That's what *I'd* like to know.
 
Hi Chuck,
I was running the Trendmicro scan when I got a message saying,
"..Sysclean.exe has encountered a problem and needs to close...". Before it
closed, there were lots of entries that said, "error <-94>". What is that?
There was a file in the trendmicro folder that I didn't put in there and it
was really long. Most of the entries said, "...could not configure..." or
"access denied". One virus was found (I have McAfee so I don't know how that
can happen). How do I delete the virus? I then re-started my computer, and
when I was trying to enable System Restore, my computer froze, and at the top
of the box it said, "...System Properties...not responding..." I had to use
Ctrl+Alt+Del and End Task.
Do I re-run Trendmicro's Sysclean? What if it again has a problem & has to
close?
Thanks.

OK, it definitely sounds like you have an infection. And apparently it's
interfering with diagnosis, like much spyware is designed to do.

Are you running Sysclean in Safe Mode? That's the best way to start.

You can run Sysclean, Stinger, and HijackThis in Safe Mode, after downloading
and installing each in Normal Mode.

You should be able to run AdAware and Spybot S&D in Safe Mode too, but you will
need to update them in Normal Mode first. AA and SSD have to be updated by
running while you're online; Sysclean, Stinger, and HJT can be updated by simply
downloading the appropriate components.

1) Download and install AdAware, HijackThis, Spybot, Stinger and Sysclean per
instructions. Read Sysclean install instructions (on the web page) carefully,
make sure you get it right.
2) Start AdAware and Update it per instructions. Do not start a scan.
3) Start Spybot and update it per instructions. Do not start a scan.
4) Shutdown and restart in Safe Mode. Run Sysclean, Stinger, AdAware, Spybot,
and HijackThis, saving all logs.
5) Post all logs, and let's see where you are.
 
I just typed you a LONG reply, and when I clicked on Post I got this message:
....HTTP ERROR 408/409 Not acceptable/Resource conflict Internet Explorer...
I refreshed the page and MY POST WAS ERASED!
I'll try again later.
 
Hi Chuck, thanks for hanging in there with me. You are my
last resort before I junk this computer. It is less than a
year and a half old, but it has never worked properly. I've
worked with a Dell tech over the phone for a couple of months,
but the more we did, the worse it got. I don't understand
how it gets infected when we formatted and re-installed XP
three times. I had never downloaded anything except from
Microsoft, but while working with Dell, I downloaded a lot.
1. Yes, I ran Sysclean in Safe Mode. I ran CWshredder, Stinger,
Spybot S&D, HijackThis, and AdAware in normal mode.
2. I was not able to update AdAware (failed twice) so I ran it
in normal mode.
3. I saved anything that looked like a list or log, but I can
now only find my HijackThis log. I thought I saved all logs to
the same folder, but I can't even find them in Explore. This
log is at the end of this post.
4. Since I cannot update AdAware I'll have to run it without
the update--is that OK?
5. I have already downloaded AdAware, HijackThis, Spybot, Stinger,
and Sysclean. Do you want me to download them again?
6. HijackThis log:
Logfile of HijackThis v1.98.2
Scan saved at 8:08:02 PM, on 11/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\McAfee.com\MPS\mscifapp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\MOMMY\Local Settings\Temp\Temporary Directory 1
for hijackthis from MajorGeeks.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.worldnet.att.net/ie4/search/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.att.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
Internet Explorer provided by AT&T WorldNet Service
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CSMHelperObj Class - {0F660F64-F4C9-477F-8529-44181B717472} -
C:\Program Files\AT&T\WnClient\Programs\CSMBHO.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} -
c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program
Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Documents
and Settings\MOMMY\My Documents\ADWARE TOOLS\Spybot S&D Adware Tool\Spybot -
Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe
/embedding
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator
5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware
Doctor\spydoctor.exe" /Q
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O9 - Extra button: AnyWho - {0264505A-6793-44E0-AC75-9DCE3B13185C} -
C:\Program Files\AT&T\WnClient\Programs\AnyWho.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} -
C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .tiff: C:\Program Files\Internet
Explorer\PLUGINS\npqtplugin5.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1097724458105
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) -
http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
Thanks.
 
You're doing fine so far. Patience and persistence are what you need in this
case.

The HJT log looks pretty clean. Let's make one final pass.
1) Create a folder "C:\HijackThis", and move contents of "C:\Documents and
Settings\MOMMY\Local Settings\Temp\Temporary Directory 1 for hijackthis from
MajorGeeks.zip\" (ie the current HijackThis folder) into "C:\HijackThis".
2) Start HijackThis in Normal Mode (ie under your normal account).
3) Have HJT fix:
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
4) Close HJT, shutdown and restart, login under your normal account, rerun HJT,
and post a new log.
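
The HijackThis log earlier in the thread is hard-wrapped, so one entry (such as the O16 line singled out in this reply) can span two lines. As an added example that is not part of the original posts and is not HijackThis's own code, this Python example rejoins wrapped entries and tags two kinds for a closer look; the tag names, the `file://` and `(no file)` heuristics, and the constructed sample lines are assumptions of the example.

```python
import re

# Constructed sample in the style of the log posted in this thread (log text only,
# no surrounding message text, because trailing prose would be joined to the last entry).
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\system32\svchost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.att.net
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe
/embedding
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) -
http://www.bitdefender.com/scan/Msie/bitdefender.cab
"""

# An entry starts with a section code (R1, O2, O16, ...) followed by " - ".
ENTRY_START = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def unwrap_entries(text):
    """Return (code, body) pairs, joining hard-wrapped continuation lines."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_START.match(line)
        if match:
            current = [match.group(1), match.group(2)]
            entries.append(current)
        elif line and current is not None:
            current[1] += " " + line      # continuation of the previous entry
        else:
            current = None                # blank line or header/process-list line
    return [(code, body) for code, body in entries]


def review_notes(code, body):
    """Heuristic tags assumed for this example; they are not a verdict."""
    notes = []
    # ActiveX download entry whose recorded source is a local file, not a web site.
    if code == "O16" and body.lower().split(" - ")[-1].startswith("file://"):
        notes.append("local-codebase")
    # Registration left behind for a file that no longer exists on disk.
    if body.endswith("(no file)"):
        notes.append("missing-file")
    return notes


def triage(text):
    rows = []
    for code, body in unwrap_entries(text):
        found = CLSID.search(body)
        rows.append({"code": code, "clsid": found.group(0) if found else None,
                     "body": body, "notes": review_notes(code, body)})
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        if row["notes"]:
            print(row["code"], row["clsid"], ",".join(row["notes"]))
```
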
 
Hi Chuck,
When I was reading your reply, again I got a message saying, "Generic Host
Process for Win32 Services has encountered a problem and has to close...". I
again couldn't get back on the internet so I had to re-start my computer. I
was able to get back on the internet, but it was taking over 3 minutes to
load a page, so I re-started again. It is doing ok now. This is the type of
problems I've had in EVERY program since I got the computer. No matter what
I'm doing or what program I'm in, some message pops up and then something
goes wrong and the program never works properly again.

Wow, your new instructions scare me. I don't even know how to "log on" to
"my account". I never have to log on when I start my computer, and I don't
know if I'll be able to tell HijackThis to fix just one file. I think I'll
wait until Monday to try this when you will be there to answer my questions.
Have a good weekend.

If you're running XP Home with only one user, maybe you don't login. Just start
the computer normally, NOT in Safe Mode. That's all I meant there.

To have HijackThis fix one file, start HJT and Scan. When the results come
back, find the entry I indicated, and click in the box to check it. Then select
"Fix checked". Close HJT, shutdown and restart, start in Normal (not Safe)
Mode, rerun HJT, and post a new log.

I'll be here off and on, so TTYL (literally).

Your problem sure sounds like a spyware or viral infection. How do you connect
to the internet? Do you have a firewall (you absolutely should)? This may be
part of the problem.
 
Hi Chuck, I just started to try your suggestion and I'm already having
trouble. I'm not able to create a folder under C:\. I went into EXPLORE,
clicked on LOCAL DISK C:\, clicked on FILE, NEW, FOLDER. The right side of
the screen says, "...these are hidden files...". I can't seem to make a new
folder here. What am I doing wrong?
 
Do you have administrative access on your computer? Can you create folders
elsewhere? How about "C:\Program Files\HijackThis" (I personally put all
applications under "Program Files").
 
Hi Chuck, I ASSUME I have administrative access on my computer--it is a home
computer (I don't log on. I just turn it on, and the Desktop is there.)
I can create a folder in My Documents, but it puts it in My Documents, not
on the C:\ drive. If I try to type C:\ while I'm naming the folder, it won't
let me type a colon. I tried to do the same in EXPLORE after highlighting My
Programs. It too won't let me type a colon (as a name).
How do you put applications under Program Files? Do you do it in Explore?
 
OK, maybe we've got a bit of confusion there. I think where you're going wrong
is trying to type "C:\". Just type the folder name - the system gets the rest
of the path from what folder you're positioned in at the time.

Read this procedure once thru, then execute it precisely.
1) Highlight (single left click) "Program Files" in the tree (left) panel, in
Windows Explorer.
2) Select File - New - Folder.
3) Type "HijackThis" (minus the "") immediately, where the cursor is positioned
("New Folder" highlighted), and hit Enter.
4) Hit Enter a second time, opening the new folder "C:\Program
Files\HijackThis".
5) Copy the downloaded files into this new folder.
 